Dave’s Computer Tips: Online Credit Card Security – part 1

Using our credit cards online is a security risk, but one most of us deal with. Actually, credit card payment for goods on line is relatively safe from fraudulent charges because credit card companies are required by US federal law to charge you a maximum of $50 dollars US if someone made unauthorized charges on your account (country laws may prevail here, so if you live outside the US, this may be different.) And if you discover a fraudulent charge and report it to the credit card company within 24 to 48 hours of receiving the statement, most will not charge you anything at all (Generally this takes effect after you submit an affidavit to their Fraud Department that you DID NOT make the charge.)

However, that does not make you safe from Identity Theft nor does it make your account number safe from the bad guys SELLING it to other bad guys. There are a whole host of other “bad” things that can happen to you if your CC account number gets stolen; such as the hassles you may have to endure if you need to change your account number, and regular monthly charges to the “old” account don’t go through because of that (changing the account number itself is a hassle). So just because you don’t necessarily have to suffer the fraudulent charges doesn’t mean you are safe from other consequences.
While there are some alternatives to CC payment, such as PayPal, configured to link with your checking account as the mode of payment (you can use PayPal to pay by Credit Card too), not all vendors use PayPal.

But for those vendors that have it, they will just redirect you to PayPal, and PayPal IS SSL encrypted (more on SSL in a bit). However, this article is not about transactions via PayPal. This is about Credit Card transactions handled by the site itself.

There are several things you can do to reduce the risk of your credit card account number getting stolen online. (Remember, you can only REDUCE your risk, you can’t eliminate it entirely . . . there’s no such thing as 100% security . . . so this is NOT a guarantee.)

In Part 1 here, I will deal with encryption as the mechanism for reducing risk.

Make sure your vendor uses secure encryption on the transaction page . . . indicated by an “https” in your browser’s address bar. That’s not necessarily a guarantee your account number won’t be stolen (more on that in a bit), but if the transaction page does NOT have Secure Sockets Layer (SSL) encryption, then it’s like shouting your account number to a clerk in a crowded brick and mortar store . . . everybody hears you say your account number. If the checkout page is NOT under valid SSL, DO NOT give out any personal information such as your Credit Card number.

There used to be a “lock” icon down in the status bar of IE to indicate SSL encryption, but recent versions have moved that “lock” icon up to the address bar. Clicking that icon in IE will give you SSL Certificate information: